<!--METADATA TYPE="typelib" UUID="CD000000-8B95-11D1-82DB-00C04FB1625D" NAME="CDO for Windows 2000 Type Library" -->
<!--METADATA TYPE="typelib" UUID="00000205-0000-0010-8000-00AA006D2EA4" NAME="ADODB Type Library" -->
<%
'#################################################################################
'## UnWritten Open Source Blog Engine
'#################################################################################
'## Copyright (C) 2008 Luigi Violin
'##
'## This program is free software: you can redistribute it and/or modify
'## it under the terms of the GNU General Public License as published by
'## the Free Software Foundation, either version 2 of the License, or
'## (at your option) any later version.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program.  If not, see <http://www.gnu.org/licenses/>.
'##
'## You can obtain support from our forums at:
'##     <http://www.unwrittenblog.com/forums/>
'## Contact the author directly:
'##     <zaamit@hotmail.com/>
'##
'#################################################################################
%>
<%
page_name = ""
page_action = "lost-password"
%>

<!--#include virtual="/default.asp"-->

<%
function lostPassForm()
	lostPassForm = ""
	lostPassForm = lostPassForm & "<h1>Recover your password</h1>"
if request.QueryString("u") <> "" and request.QueryString("s") <> "" then
  'OK to reset pass
  dbRS2.open "select * from " & db_prefix & "users where id = " & request.QueryString("u") & " and activation_key = '" & request.QueryString("s") & "'",dbConn
  if dbRS2.eof then
  	'invalid request
	lostPassForm = lostPassForm & "Something went wrong, please <a href=""/lost-password.asp"">try again</a>."
	else
		'change pass
		apass = genRndStr(7)
		Dim sha1s,spws
		set sha1s =  GetObject("script:"&Server.MapPath("/includes/sha1.wsc"))
		sha1s.hexcase = 1
		spws = apass
    	spws = sha1s.hex_hmac_sha1("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", spws)
		set sha1s = nothing
		dbConn.execute "update " & db_prefix & "users set password = '" & spws & "', activation_key = '' where id = " & dbRS2("id")
		lostPassForm = lostPassForm & "Hello " & dbRS2("login") & ", you have succesfully reset your password, which is now:<br /><br /><strong>" & apass & "</strong><br /><br /><br />Please login and change it as soon as possible."
  end if
  dbRS2.close
  else
  if request.form("mail") <> "" then
  	dbRS2.open "select * from " & db_prefix & "users where email = '" & request.Form("mail") & "'",dbConn
	if dbRS2.eof then
		lostPassForm = lostPassForm & "<div class=""info"">Sorry, we couldn't find that email address in our records.</div><br /><br />"	
		else
			akey = genRndStr(25)
			dbConn.execute "update " & db_prefix & "users set activation_key = '" & akey & "' where id = " & dbRS2("id")
			Dim testo
			testo = testo & "Hello,<br /> a password reset has been requested for your account at " & strip_html(zb_name) & "." & "<br /><br />"
			testo = testo & "Please ckick the following link to complete the process or just ignore this email to leave your password as it is now.<br /><br />"
			testo = testo & "<a href=""" & zb_root & "/lost-password.asp?u=" & dbRS2("id") & "&s=" & akey & """>Reset your password</a><br /><br />"
			testo = testo & "Best regards, <br />The " & strip_html(zb_name) & " team."
			sendEmail testo,strip_html(zb_name) & " - Password Reset",cfg_mailfrom,request.Form("mail")
  			lostPassForm = lostPassForm & "<div class=""info"">Done, please check your email now.</div><br /><br />"
	end if
	dbRS2.close
  end if
	lostPassForm = lostPassForm & "Please tell us the email address you signed up with, you will be given the option to reset your password.<br />"
	lostPassForm = lostPassForm & "<form method=""post"">" & vbcrlf
	lostPassForm = lostPassForm & "<strong>E-Mail address: <input type=""text"" name=""mail"" size=""30"" />" & vbcrlf
	lostPassForm = lostPassForm & "&nbsp;<input type=""submit"" value=""Reset Password"" />" & vbcrlf
	lostPassForm = lostPassForm & "</form>"	
end if
end function
%>